Findings of GSA's FY 2005 Audit

STATEMENT
OF
KATHLEEN M. TURCO
CHIEF FINANCIAL OFFICER
U.S. GENERAL SERVICES ADMINISTRATION
BEFORE THE
SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
FINANCE AND ACCOUNTABILITY
COMMITTEE ON GOVERNMENT REFORM
UNITED STATES HOUSE OF REPRESENTATIVES
JUNE 7, 2006

Mr. Chairman, and other distinguished members of the Subcommittee, I am Kathleen M. Turco, Chief Financial Officer of the General Services Administration (GSA). I am pleased to have this opportunity to appear before you today to discuss the findings of GSA’s Fiscal Year (FY) 2005 audit as well as GSA’s efforts to improve the overall financial management of GSA.

I would first like to thank this Subcommittee for their efforts to improve financial integrity throughout the Government and my testimony will address the issues that you raised in your letter of May 23, 2006 to David L. Bibb, GSA’s Acting Administrator:

The issue arising in the FY 2005 audit process that led the auditor to issue a disclaimer of opinion;

The status of efforts to improve internal financial controls and comply with the revised OMB Circular A-123;

GSA views on the Office of Management and Budget’s financial management line of business initiative;

The status and operations of GSA’s shared services center; and

An update on the implementation of GSA’s planned financial systems framework.

The General Services Administration - Background

In order to fully appreciate what happened in GSA’s FY 2005 audit, an understanding of GSA and its business is helpful. GSA recorded $18.5 billion of revenues in FY 2005 and employs 12,455 employees (as of May 2006). GSA is primarily funded by three revolving funds that conduct 17 lines of business (see Appendix A). Additionally, GSA has three other revolving funds, ten general funds, nine special funds, and thirteen miscellaneous receipt/deposit funds (see Appendix B). In FY 2005, we paid 1.4 million vendor invoices and issued 475,000 billings to Federal customers.

I should note at the outset that our proprietary accounts (i.e., revenues, expenses, assets, liabilities, and equity) in ALL GSA funds did receive clean opinions. Only the budgetary accounts in two GSA funds received disclaimers of opinion. To summarize, GSA’s FY 2005 audit opinions were:

The reason for the disclaimer on two funds is because the Federal Technology Service (FTS), which is primarily funded by the Information Technology Fund (ITF), funded its professional services line of business through the General Supply Fund (GSF). Because we could not determine how much of these unfilled customer orders (UFCO) belonged in the GSF as of September 30, 2004, the GSF received a disclaimer opinion on their budgetary financial statements as well. In other words, while UFCO and obligation issues exist throughout GSA, the significant internal control breakdowns that lead to the disclaimer opinions existed in the ITF exclusively.

While the majority of GSA financial reporting was considered ‘clean’, GSA appreciates financial integrity to the point that we have chosen to embrace the qualified opinion and capitalize on the opportunity for further pursuit of financial excellence by strengthening internal control throughout all GSA’s funds.

A large portion of our business with the private sector is for ‘time and materials’ as opposed to ‘fixed fee’ projects. Therefore, we often are not completely certain when a project is considered financially complete because we do not entirely know when a vendor has billed us for all of its costs. This is important because this results in ‘residual balances from completed projects’, to which I will refer throughout this testimony. Additionally, with time and materials contracts, there is an incentive to retain funding when a project is perceived as complete just in case a vendor bills GSA for final and unexpected expenses. Appendix C illustrates the order of financial events and recordings made in GSA and customer agency general ledgers as well as how residual balances occur.

The FY 2005 audit and issues that led the auditor to issue a disclaimer of opinion

In August 2005, GSA’s financial statement auditors informed me that they would not be able to rely on GSA’s internal control over processing of certain budgetary activities, specifically: UFCOs and obligations. UFCOs are orders for goods and services, from our FAS customers, for which the good or service has not yet been provided. Obligations are amounts that are designated for a FAS specific endeavor/customer request and may be either undelivered or delivered. In other words, UFCOs are the spending authority GSA's FAS has from its customers and obligations relate to the GSA’s use of our customer’s budget authority. The auditors found residual UFCO and obligation balances from completed projects that were no longer valid. Additionally, they noted issues around incorrect amounts (e.g., '$10,000" instead of "$1,000") as well as the apparent lack of a bona-fide need behind some orders. A bona-fide need (that is, a need that is current, clear and defined within a given fiscal year) is required for a customer to validly obligate their budget authority. If no bona fide need exists, there cannot be a valid obligation or UFCO in GSA’s or its customer’s financial records.

A complete review of GSA records by year-end was impossible at that point-in-time (August 2005). However, GSA was ultimately able to meet the government-wide reporting deadline of November 15, 2005 and report statistically valid FY 2005 year-end numbers by reviewing over 1,200 files and statistically calculating the UFCO and obligation balances. Unfortunately, GSA was not able to statistically calculate these issues as of September 30, 2004, because GSA could not go back in time to recreate the populations of transactions that were needed for sampling. Therefore, GSA had valid FY 2005 year-end numbers but did not have reliable FY 2004 ending numbers. Since these were the same as FY 2005 beginning numbers, GSA was prevented from receiving its 18th consecutive clean opinion. The specific amounts that GSA adjusted its FY 2005 year-end numbers were:

Numbers are in Millions

FBF

GSF

ITF

Total

Unfilled Customer Orders

320

33

700

1,053

Obligations

(109)

(58)

(277)

(444)

Materiality*

450

108

252

NA

* = Materiality is an amount that approximates a reasonable financial statement reader’s opinion of the accuracy of the financial statements. This subjective amount can be calculated as 3 percent of the larger of assets or expenses per the Government Accountability Office’s (GAO) Financial Audit Manual (section 230.11). GSA’s overall materiality is $450 million that is the same as the Federal Buildings Fund (FBF) because the FBF has the vast majority of assets reported by GSA.

The problems I have described were ultimately allowed to occur because our primary system of financial record received summary information that could not be aged to identify the oldest and most suspect balances. Additionally, headquarters personnel in my office did not have access to the business systems feeding our general ledger. These contributing factors have been, or will be, corrected by fiscal year-end.

As I have mentioned, we are embracing the opportunity for positive change at GSA and have instituted a number of changes in FY 2006. GSA financial management is excited about the changes noted below and taking significant steps towards our mantra: “Good data in the system all the time!”

Status of effort to improve internal control and comply with OMB Circular A-123

The Office of the Chief Financial Officer and the financial community at GSA has undertaken a substantial revision to our financial and management internal control program during FY 2006. We are doing this both to address and resolve the material weaknesses identified by our external auditors as well as to improve our policies, operations and management oversight of GSA’s financial activities for the future. We have a variety of management activities and control programs underway. I would like to discuss each of these programs.

Aging Reports

GSA has launched an aggressive effort to identify completed projects with residual balances and projects for which a bona fide need no longer exists. The primary tool to aid this effort is aging reports. As of today, GSA has developed reports that breakout UFCO, obligation, accounts receivable, and accounts payable balances by fiscal year and region. This allows us to focus our resources on the oldest and therefore most suspect balances and ensure our clean up effort is as effective as possible. The other and perhaps more significant feature of these reports is the identification of balances by region. GSA is comprised of one headquarters office and eleven regional offices. We are identifying which regions are doing the poorest job of cleaning up old balances as well as which regions are doing the best job and sharing that information publicly. This use of peer pressure is proving to be a highly motivating tactic.

File Reviews

With the aid of the aforementioned aging reports, we are reviewing all significant files at GSA. Specifically, for the Federal Buildings Fund (FBF), we are reviewing 75% of all obligations as well as 100% of any FY 2004 and prior UFCOs with no financial activity in the last 12 months. In the GSF, we are reviewing the files as well and already completing correction on $47 million of the estimated $58 million problem with their obligations as well as $26 million of the estimated $33 million problem in their UFCOs. For the ITF we have completed reviewing 95% of all FY 2005 and prior UFCOs and are on track to return over $600 million in invalid UFCOs by fiscal year-end. Finally, we are reviewing all obligations with their five largest vendors that comprise the majority of ITF obligations. Additional reviews applying the new streamlined deobligation policy (described below) are also underway in each Service.

Revised Policies

We have issued three significant polices as a direct result of our FY 2005 audit results:

Streamlined Deobligations – This policy gives business managers and accountants the authority to deobligate any balance under $100,000 that is not certified as valid, in writing, by a Contracting Officer. Previously, the authority to deobligate funds from our accounting system primary rested with Contracting Officers who are guided by Federal Acquisition Regulations (FAR) as opposed to Federal Accounting Standards. This policy is in compliance the FAR and was jointly issued by GSA’s Chief Acquisition Officer and myself. The need for this policy was a lesson learned as GSA wrestled with the question: “Who has responsibility for obligations in the accounting system; Contracting Officers who record obligations or Accountants who report financial information?”

Obligation Certification – This policy requires certifications similar to UFCO certifications but for obligations instead.

Both UFCO and obligation certifications will be validated by "A-123 testing teams" established in FY 2006 to strengthen our compliance with the requirements of OMB Circular A-123, Management's Responsibilities for Internal Control. We believe the certification policies and the validation of their effectiveness by A-123 testing teams will be highly effective controls that will prevent residual balances from existing in GSA’s financial systems ever again.

Reconciliations of Business Feeder Systems to Core Financial System

Also noted in our auditor’s report was the fact that GSA services were not adequately reconciling their business systems to our primary financial system. When the reconciliations were adequately performed in FY 2005, a $500 million (i.e., material) adjustment resulted. While we were able to correct this issue in FY 2005, the fact that a material adjustment was required indicates that our primary reporting system could not produce timely or accurate information on a day-to-day basis without significant, manual correction and therefore was a far cry from “Good data in the system all the time!”

This fiscal year GSA will begin reconciling all business systems contributing material financial information to GSA’s core financial system's standard general ledger by the GSA services and the OCFO Regional finance centers reconciled on either a monthly or semi-annual basis. Currently, there are eleven systems and/or sub-systems that must be reconciled:

Common Oracle Dababase (CODB) - Monthly

Integrated Task Orders Management System (ITOMS) - Monthly

Order Management Information System (OMIS) - Monthly

GSA Preferred (GSAP) – Monthly (to be withdrawn)

Reimbursable Work Authorization (RWA) - Monthly

Sale To Agency Report (STAR) - Monthly

Federal Supply Systems Payment System (FEDPAY) - Monthly

FSS Automated Supply System (FSS–19) - occurring now - will be semi-annual

Requisitioning, Ordering & Documentation System (ROADS) - occurring now - will be semi-annual

GSA is currently comparing budgetary and proprietary accounts that move in-synch to ensure our budgetary and proprietary accounts both contain accurate financial information. For example, we are comparing the proprietary Accounts Receivable to the budgetary equivalent Earned Reimbursements – Receivable because these accounts are impacted identically. Therefore, we would expect the balances to be identical. We now have a routine monitoring process that ensures their balances are indeed identical. This effort has reviewed 2.5 million transactions and is currently 98 percent complete.

Fiscal Year 2006 Financial Audit Statistical Sampling

We are planning to conduct FY 2006 statistical samples similar to what we performed at the end of FY 2005 because we want to measure and prove the effectiveness of our corrective efforts. Additionally, we want to review sample results by region in order to gain additional feedback as to which regions are paying the most attention to financial integrity.

Improving GSA’s Federal Managers Financial Integrity Act Program

GSA has developed a new assurance statement application, which incorporates questions covering the Federal Managers Financial Integrity Act (FMFIA), Federal Information Security Management Act (FISMA), Federal Financial Management Improvement Act (FFMIA), as well as specific questions relating to the finance, budget, contracting and procurement. Managers are asked to respond to questions based on their Service, Staff Office, or area of responsibility. All managers completing an assurance statement are required to answer questions regarding the five standards of internal control. The project is being conducted in two phases:

Phase I is the development of the assurance statement application.

The redesign of the assurance statement is 75 percent complete.

We met the June 2, 2006, deliverable date for testing.

We are on schedule to meet the June 30, 2006, launch date of the Phase I live application.

Phase II is the development of the internal control application.

We are developing an "A-123 database" which will track all A-123 identified internal control weaknesses. Development of the A-123 internal control database is being conducted in conjunction with the assurance statement application.

The final product will offer GSA a comprehensive tool to complete assurance statements, review and monitor the internal control plans, conduct risk assessments, internal control reviews, and track the implementation of internal control recommendations. Additionally, the application will provide extensive reporting and analytical tools for assessing internal controls at GSA.

OCFO Performance Management

GSA has instituted a robust Performance Management Program and has implemented a performance measurement tool (PMT) that tracks various performance measures across GSA and within the CFO’s office. Monthly, we track the following financial management measures:

We also track performance measures of our financial systems operations

Systems Integrity Index

Systems Availability

Earned Value on Development, Modernization and Enhancement Projects

Monthly Closeout Cycle

Transaction Timings

OCFO Management of Financial Policy and Operations

We are confident that these efforts will be sufficient to regain a clean audit opinion on ALL GSA funds in FY 2006 and we are highly encouraged by OMB’s scorecard progress rating for Financial Performance of GREEN. However, we are pursuing other endeavors as well to ensure financial excellence. Specifically:

GSA’s OCFO is holding quarterly meetings, attended by the entire GSA financial community, for the purpose of presenting the status of corrective efforts for each fund, as well as sharing of best practices.

GSA OCFO is reinforcing the concept of strong internal controls via posters, constant emails, and even our daily coffee mugs that are imprinted with the OCFO's mantra: “Good data in the system all the time!” We have produced and distributed executive and employee internal control guides that summarize the essentials of internal controls. The guides are being used extensively in training which is being offered throughout GSA's Regions, Services, and Staff Offices.

I have created a team to design and test new reports that will clearly represent the status of open audit issues. The project has been successfully completed and the reports are available to users. The reports graphically depict the percentage of action steps completed and remaining for each audit issue.

GSA OCFO has developed an internal controls handbook. The handbook incorporates the requirements of the revised OMB Circular A-123 and includes system controls as required by FISMA.

Initiating a wide series of actions to enhance system operational and technical controls in accordance with National Institute of Standards and Technology (NIST) guidance.

Actions taken in this area contributed to GSA’s recent A- grade for FISMA compliance.

GSA OCFO is promoting a “Financial Excellence Award” that will be awarded to the GSA region which displays the highest regard for internal controls and financial excellence at GSA. The award will be given at the end of this fiscal year based on A-123 test results, financial statement audit results, and aging report results.

OMB Circular A-123 Implementation

The challenges we faced in “cleaning up” our disclaimer have driven us to embrace and quickly implement the revised OMB Circular A-123, Management’s Responsibilities for Internal Control across GSA. We have established a strong program to assess internal control over financial reporting to ensure the efficiency and effectiveness of GSA operations, the reliability of our financial reporting, and compliance with applicable laws and regulations. Our program closely follows the guidance provided by OMB in Circular A-123, Appendix A, Internal Control Over Financial Reporting, and the implementation guide issued by the Chief Financial Officer’s Council for the assessment, documentation, and reporting on our internal controls over financial reporting. I should note that GSA staff actively contributed in the drafting of the implementation guide.

The GSA program for internal control over financial reporting consists of a five-step process of:

planning,

evaluating internal control at the organizational entity level,

evaluating internal control at the process level,

testing at the transaction level, and

concluding, reporting and correcting deficiencies and weaknesses.

I lead our Senior Assessment Team (SAT), a group of experienced senior executives who provide leadership and oversight of our assessment of internal control over financial reporting. Senior members of the GSA Office of Inspector General serve as advisors to our SAT. The SAT has completed the planning process for our assessment, which includes: the scope and materiality assessment; determination of key processes supporting material line items; risk analysis; integration and coordination with other control related activities; evaluation of our IT infrastructure; and determination of our testing approach.

We have completed our evaluation of controls at the organizational entity level. Using the Internal Control Management and Evaluation Tool developed by GAO, we developed an evaluation process for controls at the organizational entity level. Our evaluation included the five standards for internal control: control environment; risk assessment; control activities; information and communication; and monitoring.

In our evaluation of controls at the process level, we cross-walked our key business processes to our material financial reporting line items. We documented our most important key financial reporting processes and conducted a risk assessment. The assessment team reviewed the control design for adequacy and identified key controls.

The SAT evaluated our key controls and made the decision to test all key controls during FY 2006. To ensure coverage of all key controls, we selected five regional offices, a warehouse operation, and several headquarters locations to perform testing. Testing teams were established consisting of SAT staff, business line staff, and contractor staff. Testing has been completed in all locations and we are currently completing follow up work and evaluating the results of our testing.

In June 2006, we will prepare a final report on our test results and the SAT will complete their assessment. We will analyze the findings to determine if internal control deficiencies, reportable conditions, or material weaknesses exist. If so, we will develop and implement corrective action plans. We are monitoring progress on existing corrective action plans. We will formulate our recommendation on the level of assurance the Administrator should provide on our internal controls over financial reporting. GSA will be providing a statement of assurance over the effectiveness of internal controls over financial reporting as of June 30, 2006, in our Performance and Accountability Report. Any changes in the status of our assessment of the effectiveness of internal control between June 30 and September 30, 2006 will be in our Annual Assurance Statement.

Going Forward – the FY 2006 Financial Reporting and Audit Opinion

The efforts I have described are an aggressive approach to cleaning up our financial house. If carried out effectively, we should regain a clean audit opinion. However, I cannot guarantee a clean audit opinion in FY 2006. As noted above, GSA calculated statistical projections of our UFCO and obligation issues at the end of FY 2005. Statisticians from three separate firms, including our external auditors, all agreed on the sampling and projecting methodology but ultimately, our projections were estimates. If our review efforts this year find errors materially different than what we estimated last year, then our FY 2005 projections were materially misstated, which means our FY 2005 ending balances were materially misstated and, therefore, our FY 2006 beginning balances are materially misstated. In the event that we are unable to quantify the differences between our reviews and statistical projections, a clean FY 2006 opinion will not be possible. All current indicators are that this is unlikely, but I would be remiss in not acknowledging this possibility.

Views on OMB’s financial management line of business initiative

Both the private sector and Federal Government have proven time and again that a shared services model for back office functions works effectively, saves money, and allows organizations to focus their resources on achieving their primary missions. We fully support the vision of Federal Management Line of Business (FMLOB) initiative and the four FMLOB work streams that OMB has initiated. Standardization of common processes and data, coupled with disciplined, proven approaches toward data migration, project management, and information technology management makes good business sense. A strategically-focused and balanced set of performance measures, capturing FMLOB outcome goals at the strategic level and tiering down to operational service level metrics, will help drive change in the right direction, while ensuring there is accountability for results.

OMB's roadmap toward achieving FMLOB goals starts with IT consolidation of services and products but progresses toward achieving improved integrity, stronger controls, increased productivity through streamlined processes, and integrated financial and program data. Achieving the goals envisioned by the FMLOB initiative is a long-term effort and one that will surely evolve as the initiative matures. There is tremendous potential to avoid costs through consolidation of IT services, by requiring agencies to migrate to a Shared Service Provider (SSP) for data center hosting and application management services. Yet, FMLOB should be viewed as much more than just an IT Initiative that considers financial management services as commodities.

From the GSA OCFO perspective, the FMLOB success hinges upon maintaining the critical and governmental role of ensuring regulatory and policy compliance, effective internal controls, financial data integrity, integration of data with mission-critical programs, and security and protection of our Federal assets and data. The importance of this role cannot be understated and will only increase as the scope of FMLOB services expands over time -- which they will. Today, the focus is on financial management systems; in the longer term, increased numbers of agencies will look to FMLOB providers for transaction processing and financial analysis and reporting support services. Significant financial management improvement opportunities and cost avoidance/savings exist by leveraging the Government's expertise and controls and economies of scale that a Federal SSP can provide. For example, the FMLOB shared services concept can be extended to include audit and compliance reviews support services, security support services, contract management services, joint procurement opportunities, access to Federal financial management, accounting and financial systems expertise, and additional lessons learned as we gain further understanding of our capabilities.

Migrating agencies want GSA, as an SSP, to ensure we are competent, compliant, and cost-efficient. A market-driven, competitive framework for the FMLOB initiatives is a good approach to selecting a SSP. We believe competition is healthy and must include appropriate mechanisms for accountability once a provider is selected to ensure good stewardship of taxpayer dollars, irrespective of whether the selected source is a public or private provider. We are working closely with OMB to ensure policies facilitate competitions that are fair and transparent as well as accountability for results.

Lastly, while the FMLOB effort is on the right path, there are two areas that I believe require additional attention:

Integration and coordination, at a tactical planning level, across the eGov and Line of Business initiatives can be improved. Our concept of operations for FMLOB envisions a stronger portfolio-based approach to planning and managing these initiatives. Combining the efforts of Financial Systems Integration Office (FSIO) and the Federal Enterprise Architecture Program Management Office (PMO) should help clarify and give increased visibility to interdependencies between program areas and financial management. We understand that the scope of financial management reaches into many other "lines of business" and cannot – and should not – be viewed as silo efforts. Within each eGov or LOB "stovepipe" the plans and milestones are sound but often, when the requirements are presented to agencies, the efforts have conflicting timeframes, are difficult to adequately fund when taken in total, and have interdependencies that are not always taken into consideration.

To date, FMLOB discussions have primarily focused on Chief Financial Officers Act agencies. We continue to have conversations with OMB about the importance of accommodating the needs and cost constraints for small and mid-sized agencies. As a provider for more than forty small agencies, boards, and commissions, we understand the services they require, the level of support they need, and what they can afford to pay.

Status and operations of GSA’s shared services center

Serving other Federal agencies is the core mission of GSA. GSA's Federal Integrated Solutions Center (FISC) provides financial management services and products to our clients, allowing them to concentrate on their core missions and utilize their limited resources where they will best support expending taxpayers’ dollars on effective programs. This allows our client agency’s primary focus to be on achieving program outcomes.

Our motivation is to serve the public taxpayer by providing best value, Federally focused financial management services that deliver results and reduce cost and risk to the Government and public. We are ready to share our expertise and lessons learned, and to help agencies leverage the combined resources of the Government to attain and sustain high-performing, cost-efficient financial management systems, and service solutions.

Through our more than 30 years of cross-servicing experience and expertise in financial services, government rules and regulations, Treasury requirements and OMB mandates, we provide our client agencies with a partner that is not only expert in governmental accounting, reporting, and internal control, but is in a position to bond seamlessly with a sister agency. This combination of financial “know how”, customer service, and systems and process expertise, allows us to help our clients meet their current and future missions as well as the public laws and mandatory requirements of regulatory agencies.

Our current client base includes GSA Services and Staff Offices as well as 47 independent agencies, boards and presidential commissions that receive a full range of governmental financial and accounting services, and 37 agencies receiving payroll services. We actively participate in cross-agency working groups and councils to ensure we are cognizant of current and emerging issues, are positioned to positively contribute to Federal initiatives and meet Federal requirements, and continuously improve our capabilities and maturity of our service delivery to better meet our customers' needs. The FMLOB initiative created the opportunity for us to build upon our cross-servicing experience and provide financial management shared services to a broader base of agencies. We have carefully and deliberately planned a business model that continues to deliver high quality and customer-centric services to our existing base of customers even as we transition to providing services to larger agencies. Our FMLOB services are built upon a Financial Management Enterprise Architecture (FMEA) foundation that reflects the Federal Systems Integration Office (FSIO)-compliant financial management requirements; recognizes at the business process and data levels the interconnections between financial management and programs; and at the technology level, the common infrastructure elements that can be commoditized, reused, and leveraged across multiple lines of business.

Working in partnership with the OCIO, the OCFO has been a leader in defining GSA's target enterprise architecture. Our FMEA work is being used by FSIO as the foundation document for defining common business processes and data. Further, we are using our methodology and documentation for internal control purposes and are ready to leverage this work to address client agencies needs as well – highlighting high risk processes, segregation of duties across activities, and business rules.

We have placed a priority focus on fundamentals. We know that we must continue to provide sound financial management stewardship, quality-focused and disciplined service delivery, and maintain our reputation for excellence in customer-care in order to achieve our customers' desired results. For our external clients, we offer a FSIO-certified financial management system as well as an annual Statement on Auditing Standards (SAS)-70 audit to provide assurance that we have effective financial management systems and process controls in place for our external clients. We also have multi-layered security in place, and a rigorous and disciplined approach to project and contractor management.

We have recently completed a full-scale go-to-market analysis to ensure we understand current and future market needs and are positioned to effectively compete and provide services to our Federal client agencies for the long-term.

Either with our in-house resources alone, or through our public-commercial partnerships, we can provide a wide range of services, tailored to meet the needs of a particular agency depending upon where it is in its life cycle, its size, and the scope of services it may require. GSA can provide a menu of point or portfolio solutions at various service levels – ranging from data center hosting and application management, to transaction processing support, to fully integrated end-to-end back office systems and services encompassing human resources, payroll, travel, acquisitions, and financial management systems.

GSA is committed to doing what is best for the Federal Government and for our individual client agencies. We believe there is value in developing long-term relationship with our customers so that we are able to do more than just provide services – we want to work with our customers to collaboratively develop and deliver sustainable, integrated solutions that allow them to focus on their missions while we focus on ensuring their back office needs are met. We know that providing financial management services is much more than just providing a data center and some software. By working together, we can identify and act upon opportunities to leverage economies of scale related to people, processes, and technology in order to achieve improved Federal financial management results.

Finally, I would like to assure you, Mr. Chairman, and the other members of the Subcommittee, that the loss of GSA’s financial audit opinion has NO impact on GSA’s ability to provide excellent financial services to other agencies. As noted previously, the primary reason behind the loss of a clean audit opinion was residual balances from past IT projects (i.e., a business practice) and NOT our financial system software or reporting practices. This is further supported by the fact that our financial system received a clean SAS 70 opinion in FY 2005 and is on track to receive another clean opinion in FY 2006. Additionally, the manual internal control processes that service our current customers are independent of the internal controls in GSA’s 17 business lines.

Update on the implementation of GSA’s planned financial systems framework

GSA is successfully operating and maintaining a secure, stable and FSIO-certified Commercial-Off-The-Shelf (COTS) financial management system, known as CGI Momentum Financials, or "Pegasys". In October 2002, Pegasys became GSA's core financial system of record and reflected the culmination of a huge effort that involved migration from the GSA NEAR legacy system to a modern FSIO-compliant system.

GSA has repeatedly demonstrated that a phased approach leads to success. GSA first implemented functionality not residing in the legacy system and then, made the changes necessary for Pegasys to become GSA's system of record. GSA has a sound and secure infrastructure in place, remains current on all minor releases, and is on a two-year refresh cycle for upgrading to the next major version release of the Momentum application. In 2004, my office successfully upgraded the system from version 3.7 to 5.1, on time, on budget and with the desired results. A current upgrade (to Version 6.1.2) is underway and is scheduled to be completed in July 2006. Version 6.1.2 moves Pegasys from a client-server application to a web-based application.

Over the last several years, the OCFO has intensely focused time and resources on maturing our system development life cycle processes, building up a cadre of certified project managers, strengthening our contracts and contract management controls, and institutionalizing a culture of continual quality improvement.

Our implementation of eGov Travel is being successfully managed by an integrated team of finance, systems, and business line representatives, working collaboratively with the eGov Travel PMO and GSA's selected eGov Travel vendor. Again, GSA has taken a methodical, risk-based phased approach as we implement this eGov initiative. Our disciplined project management and systems development approaches has allowed us to identify – and work with the vendor to correct - problems before they create a large-scale impact to the GSA business lines. Although not required, we have also enhanced the security controls related to this eGov Travel application, a benefit we are passing along to the external agencies we serve.

Security and privacy protection of data has also been a priority. We, at GSA, believe that our system controls have been strengthened considerably over the past few years, as evidenced by our recent scorecard grade of an "A" - for FISMA compliance in this area.
The OCFO maintains a comprehensive and proactive IT security program for its financial management systems. IT security program goals are to ensure the confidentiality, integrity and availability of data and systems resources to support daily business needs while adhering to Federal IT security requirements and commercial best practices. We regularly assess our controls to ensure compliance with the Federal Financial Management Improvement Act, Federal Information Security Management Act, and Section 4 of the Federal Managers’ Financial Integrity Act and OMB Circulars Nos. A-127 and A-130.

As with our quality processes, we seek to continually improve upon the controls we have in place. Security activities include, but are not limited to:

conducting System Certification and Accreditation Reviews,

conducting annual IT security awareness training,

updating, reviewing and testing of system contingency plans at least annually,

conducting E-authentication risk and Privacy Act impact assessments for all major systems,

devising system interconnection security agreements to effectively safeguard OCFO-managed systems that interconnect with other organizations,

conducting an annual FISMA assessment of each major OCFO-managed system to improve compliance with NIST requirements, and

maintaining intrusion detection monitoring systems, firewalls, and other controls to safeguard and restrict access to OCFO-managed IT system resources and data.

GSA's management of our financial management applications and the supporting infrastructure technology is sound and secure. Now, in accordance with FMEA standards and to ensure internal GSA alignment to FMLOB and GSA's "to-be" architecture, GSA is ready to move forward on the next phase of our planned financial management systems framework. Our FMEA defines improved business processes and strong integration of GSA's procurement systems to our core financial system. Successful implementation of this FMEA begins with recognition that GSA's business line processes generate financial information that is often initially recorded in acquisition systems outside of Pegasys. Because of the complex nature of GSA's business, acquisition processes are tightly coupled with financial management processes and, absent system integration controls, require substantial people-based controls and resources to ensure proper recording and reconciliation of data.

The strong business process improvement and standardization efforts that are already well underway, coupled with GSA's strengthened internal control programs in our business lines, implementation of a fully integrated acquisition and core financial system at GSA will resolve existing integrity and control deficiencies, meet the business needs of GSA, now and into the future, decrease costs, and provide the ability to perform improved financial and business reporting and analyses.

APPENDIX A

GSA lines of business:

Federal Acquisition Service - Federal Supply Service

Commercial Acquisition

GSA Global Supply

Vehicle Acquisition and Leasing

Travel and Transportation

Personal Property Management

E-Gov

Federal Acquisition Service – Federal Technology Service

Long Distance

Regional Telecommunications

Regional Information Technology Solutions

National Information Technology Solutions

Other

Public Buildings Service

Space Rentals

Installment Acquisition Payments

Building Operations

Basic Repairs and Alterations

Major Repairs and Alterations

Construction and Acquisition

APPENDIX B

Revolving Funds

Federal Buildings Fund

Information Technology Fund

General Supply Fund

Federal Consumer Information Center Fund

Panama Canal Revolving Fund

Working Capital Fund

General Funds

Allowances and Office Staff for Former Presidents

Electronic Government Fund

Excess and Surplus Real and Related Personal Property Holding Account

Expenses, Presidential Transition

Election Reform Payments

Election Reform Reimbursements

Office of Inspector General

Operating Expenses, General Services Administration

Policy and Citizen Services Fund

Real Property Relocation

Special Funds

Expenses, Disposal of Real and Related Personal Property

Expenses, Transportation Audits

Expenses, Acquisition Workforce Training Fund

Operating Expenses, Disposal of Real and Related Personal Property

Other Receipts, Surplus Real and Related Personal Property

Receipts of Rent, Leases and Lease Payments for Government Owned Real Property

Receipts, Transportation Audits

Receipts, Acquisition Workforce Training Fund

Transfer of Surplus Real and Related Personal Property

Miscellaneous Receipt and Deposit Funds

Budget Clearing Account

Credits for Withholding and Contributions, Civil Service Retirement and Disability Fund

Employees' Payroll Allotment Account, U.S. Savings Bonds

Fines, Penalties, and Forfeitures, Not Otherwise Classified

Forfeitures of Unclaimed Money and Property

General Fund Proprietary Interest, Not Otherwise Classified

General Fund Proprietary Receipts, Not Otherwise Classified, All Other

Proceeds from Sale of Surplus Property

Reserve for Purchase Contract Projects

Suspense

Suspense, Transportation Audits

Unconditional Gifts of Real, Personal or Other Property

Withheld State and Local Taxes

APPENDIX C

This example illustrates the budgetary financial events surrounding a customer agency’s request for a $100 good or service and when the good/service is actually provided by a vendor for $98.

Financial Event

Customer Agency

GSA

1. A $100 order is placed by the customer and accepted by GSA.

Customer records a $100 obligation of budget authority to GSA.

GSA records a $100 unfilled customer order from the customer.

2. GSA contracts with a public vendor to provide the good or service to the customer agency.

No effect.

GSA records a $100 obligation to the vendor upon signing of an agreement/contract.

3. The public vendor bills GSA $98 for the good/ services provided and receives payment.

The customer maintains a $100 obligation. However, $98 is moved from undelivered orders to delivered/expended orders. Both of these are components of obligations. However, there is now a residual $2 undelivered order that will never be delivered.

Assuming the customer used an annual appropriation and the fiscal year has now passed, a return of the $2 requires a deobligation and a return of funding back to Treasury because the $2 is no longer available for any new obligations.

GSA also maintains a $100 obligation but moves $98 from undelivered orders to delivered/ expended. However, there is now a residual $2 undelivered order that will never be delivered.

Additionally, GSA reduces unfilled customer orders by $98 and leaves a residual $2 unfilled customer order that will never be filled.

This leaves the GSA project manager with the choice of: 1) return the $2 that the customer agency really doesn’t want; or 2) work on urgent priorities of other customers? Additionally, if this is a time and materials contract and the obligation and unfilled customer order are closed out before ALL vendor invoices are paid, GSA could very likely have to pay the additional bill with its’ own funding. Therefore, there are strong incentives to leave these balances on the books ‘just in case’.